diff --git a/bin/tests/system/synthfromdnssec/clean.sh b/bin/tests/system/synthfromdnssec/clean.sh
index 6c9647f9f6..872d02bc95 100644
--- a/bin/tests/system/synthfromdnssec/clean.sh
+++ b/bin/tests/system/synthfromdnssec/clean.sh
@@ -37,3 +37,4 @@ rm -f ./nxdomain.out ./insecure.nxdomain.out
 rm -f ./wild.out ./insecure.wild.out
 rm -f ./wildcname.out ./insecure.wildcname.out
 rm -f ./minimal.nxdomain.out
+rm -f ./black.out
diff --git a/bin/tests/system/synthfromdnssec/ns1/minimal.db.in b/bin/tests/system/synthfromdnssec/ns1/minimal.db.in
index 1755c4035b..6dd356a3cf 100644
--- a/bin/tests/system/synthfromdnssec/ns1/minimal.db.in
+++ b/bin/tests/system/synthfromdnssec/ns1/minimal.db.in
@@ -7,7 +7,10 @@ minimal. 3600 SOA ns1.minimal. hostmaster.minimal. (
 3600 ; minimum (1 hour)
 )
 3600 NS ns1.minimal.
- 3600 NSEC dnamed.minimal. NS SOA RRSIG NSEC DNSKEY
+ 3600 NSEC black.minimal. NS SOA RRSIG NSEC DNSKEY
+; cloudflare black lie
+black.minimal. 3600 NSEC \000.black.minimal. RRSIG NSEC
+;
 dnamed.minimal. 3600 DNAME dnamed.
 3600 NSEC insecure.minimal. DNAME RRSIG NSEC
 insecure.minimal. 3600 NS ns1.insecure.minimal.
diff --git a/bin/tests/system/synthfromdnssec/tests.sh b/bin/tests/system/synthfromdnssec/tests.sh
index 72981635e7..badeeb14bb 100644
--- a/bin/tests/system/synthfromdnssec/tests.sh
+++ b/bin/tests/system/synthfromdnssec/tests.sh
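Review bot: The comment `; cloudflare black lie` added in ns1/minimal.db.in does not say what the record models or that the NSEC chain is left open on purpose. The new NSEC at `black.minimal.` names `\000.black.minimal.` as its next owner with only `RRSIG NSEC` in the type bitmap, and nothing in the visible lines links that name on to `dnamed.minimal.`, so a later maintainer could take the gap for a mistake and "repair" it. Assuming the gap is intended, I would expand the comment to something like `; "black lie": minimally covering NODATA NSEC for a name with no data; the next name deliberately does not continue to dnamed.minimal.`.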
@@ -185,6 +185,18 @@ do
 n=$((n+1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
+
+ echo_i "prime black lie NODATA response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ dig_with_opts black.minimal. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+ check_nosynth_soa minimal. dig.out.ns${ns}.test$n || ret=1
+ grep 'black.minimal.*3600.IN.NSEC.\\000.black.minimal. RRSIG NSEC' dig.out.ns${ns}.test$n > /dev/null || ret=1
+ [ $ns -eq 2 ] && cp dig.out.ns${ns}.test$n black.out
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
 done
 
 echo_i "prime redirect response (+nodnssec) (synth-from-dnssec ;) ($n)"
@@ -353,6 +365,25 @@ do
 n=$((n+1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
+
+ echo_i "check back lie NODATA response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ nextpart ns1/named.run > /dev/null
+ dig_with_opts black.minimal. @10.53.0.${ns} aaaa > dig.out.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+ if [ ${synth} = yes ]
+ then
+ check_synth_soa minimal. dig.out.ns${ns}.test$n || ret=1
+ nextpart ns1/named.run | grep black.minimal/AAAA > /dev/null && ret=1
+ else
+ check_nosynth_soa minimal. dig.out.ns${ns}.test$n || ret=1
+ nextpart ns1/named.run | grep black.minimal/AAAA > /dev/null || ret=1
+ fi
+ digcomp black.out dig.out.ns${ns}.test$n || ret=1
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
 done
 
 echo_i "check redirect response (+dnssec) (synth-from-dnssec ;) ($n)"
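Review bot: In the priming block of the first tests.sh hunk, `[ $ns -eq 2 ] && cp dig.out.ns${ns}.test$n black.out` saves the baseline even when an earlier check in the same block has already set `ret=1`, and a failed `cp` is never recorded. The `digcomp black.out …` in the second hunk can then compare against a response that was never validated, or against a stale file left over from a previous run. I would write `if [ $ns -eq 2 ] && [ $ret -eq 0 ]; then cp dig.out.ns${ns}.test$n black.out || ret=1; fi`, so a bad priming response surfaces as a missing baseline. The enclosing loop starts outside the hunk; if the other baselines in this file are saved the same way, changing them together keeps the file consistent.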
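Review bot: The test title in the second tests.sh hunk reads `check back lie NODATA response`; it should be `check black lie NODATA response`, so that it matches the priming test and can be found when searching the test output. In the `synth = yes` branch, `nextpart ns1/named.run | grep black.minimal/AAAA > /dev/null && ret=1` passes whenever the line is absent, which includes the case where ns1 is not logging the query at all. The `else` branch presumably covers that on the resolvers without synthesis, but a comment such as `# no query may reach ns1: the NODATA must be synthesized from the cached NSEC` would make the intent of the negative check explicit. The dots in that grep pattern are regex wildcards; `grep -F` would match the literal name.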